terraform-google-modules / terraform-google-vault

Deploys Vault on Compute Engine
https://registry.terraform.io/modules/terraform-google-modules/vault/google
Apache License 2.0

Startup script is failing to install logging & monitoring agents - stackdriver and google-fluentd #211

Closed GitKaran closed 1 week ago

GitKaran commented 2 months ago

Hi, we are encountering the issue below. After upgrading the module to v7.0.2, we restarted the VMs and started getting errors shipping logs to statsd:

vault[3436]: [ERR] Error flushing to statsd! Err: write udp 127.0.0.1:37840->127.0.0.1:8125: write: connection refused

It's due to the google-fluentd service not being installed and configured.

Checking the startup script logs, we found that it's failing to install the Google agents:

google_metadata_script_runner[1791]: startup-script: Adding agent repository for debian.
google_metadata_script_runner[1791]: startup-script: deb https://packages.cloud.google.com/apt google-cloud-logging-bookworm-all main
google_metadata_script_runner[1791]: startup-script: Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
google_metadata_script_runner[1791]: startup-script: OK
google_metadata_script_runner[1791]: startup-script: + curl -sSfL https://dl.google.com/cloudagents/add-monitoring-agent-repo.sh
google_metadata_script_runner[1791]: startup-script: + bash
google_metadata_script_runner[1791]: startup-script: Adding agent repository for debian.
google_metadata_script_runner[1791]: startup-script: deb https://packages.cloud.google.com/apt google-cloud-monitoring-bookworm-all main
google_metadata_script_runner[1791]: startup-script: Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
google_metadata_script_runner[1791]: startup-script: OK
google_metadata_script_runner[1791]: startup-script: + apt-get update -yqq
google_metadata_script_runner[1791]: startup-script: E: The repository 'https://packages.cloud.google.com/apt google-cloud-logging-bookworm-all Release' does not have a Rele>
google_metadata_script_runner[1791]: Script "startup-script" failed with error: exit status 100

Expected behavior

The google-fluentd service should be running and Vault logs should be available.

Observed behavior

Logging and monitoring agents are not installed.

Terraform Configuration

module "vault" {
  source                    = "terraform-google-modules/vault/google"
  version                   = "7.0.2"
  project_id                = var.project_id
  region                    = var.region
  vault_version             = "1.17.1"
  vault_instance_base_image = "debian-cloud/debian-12"
}

Terraform Version

Terraform v1.9.2
on darwin_arm64

Additional information

No response

raj-saxena commented 2 months ago

Downgrading to debian-11 helped.

module "vault" {
  source                    = "terraform-google-modules/vault/google"
  version                   = "7.0.2"
  project_id                = var.project_id
  region                    = var.region
  vault_version             = "1.17.1"
  vault_instance_base_image = "debian-cloud/debian-11"
}

Possibly worthwhile for https://github.com/terraform-google-modules/terraform-google-vault/issues/210 too.

igorpeshansky commented 2 months ago

The Google Cloud logging agent (google-fluentd) does not support Debian 12 Bookworm^1. So downgrading to Debian 11 is the right workaround.

github-actions[bot] commented 2 weeks ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
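
A triage helper for the startup-script log quoted in the report, as an added example that is not part of the issue or the module: it extracts the script's exit status and the apt suite that has no Release file, so an instance that booted without its logging agent can be flagged. The function names are hypothetical, and the sample input is copied from the log lines in this thread.

```bash
#!/usr/bin/env bash
# Added example (not the module's code): triage startup-script journal lines
# for the agent-repository failure described in this issue.

# Sample input: three lines copied from the report; the second is truncated
# ("Rele>") exactly as it appears in the thread.
sample_log() {
cat <<'EOF'
google_metadata_script_runner[1791]: startup-script: + apt-get update -yqq
google_metadata_script_runner[1791]: startup-script: E: The repository 'https://packages.cloud.google.com/apt google-cloud-logging-bookworm-all Release' does not have a Rele>
google_metadata_script_runner[1791]: Script "startup-script" failed with error: exit status 100
EOF
}

# Print the suite name of every apt repository that apt reported an error for.
# The quoted repository string is "<url> <suite> Release"; the suite is field 2.
broken_repos() {
  sed -n "s/.*startup-script: E: The repository '\([^']*\)'.*/\1/p" |
    awk '{print $2}' | sort -u
}

# Print the exit status of a failed startup script (empty if none was logged).
startup_exit_status() {
  sed -n 's/.*Script "startup-script" failed with error: exit status \([0-9][0-9]*\).*/\1/p' |
    tail -n 1
}

# Read journal lines on stdin, print a short report, and return 1 when the
# startup script failed so the caller can alert on the missing agents.
triage() {
  log=$(cat)
  status=$(printf '%s\n' "$log" | startup_exit_status)
  if [ -z "$status" ]; then
    echo "startup-script: no failure recorded"
    return 0
  fi
  echo "startup-script failed: exit status $status"
  # Suites follow the pattern seen in the log: google-cloud-<agent>-<codename>-all
  printf '%s\n' "$log" | broken_repos |
    sed -nE 's/^google-cloud-(logging|monitoring)-(.+)-all$/no Release file: agent=\1 codename=\2/p'
  return 1
}

# Run against the embedded sample when executed directly.
sample_log | triage || true
```

Pipe an instance's startup-script journal into `triage` instead of `sample_log` to check a real host.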